doctorate

Easttom: in cyber war, malware is “the weapon of choice”

raherschbach2 — Thu, 15 Mar 2018 13:06:00 +0000

Easttom: in cyber war, malware is “the weapon of choice” raherschbach2 March 15, 2018

Prior to beginning his doctoral degree at Capitol, consultant and IT professional Chuck Easttom had already made significant contributions to the fields of cybersecurity and computer science. He is the author of 26 books on programming, digital forensics, cyber security, and penetration testing. Several of those books are used as textbooks at various universities. He holds more than 40 industry certifications and has served as a subject matter expert for CompTIA certification exams in the creation of the CompTIA Security+, Server+, and Linux+ certifications. He was also on the Certified Ethical Hacker version 8 test revision team and created the OSForensics Certified Examiner course and test.

Easttom is a regular speaker at computer science and security conferences including Defcon, SecureWorld, ISC2 Security Congress, IEEE conferences, AAFS, and many others. He has already published dozens of peer reviewed papers and articles in trade journals like 2600 Hacker. Additionally Chuck Easttom is an inventor with 13 computer science patents so far.

Most recently, Easttom was invited to present a paper on weaponized malware at the 13^th International Conference on Cyber Warfare and Security, held from March 8 to 9 at National Defense University. In addition to the paper, Easttom is presenting a poster at the event.

What research did you present at the ICCWS?

The paper is, in effect, a how-to on weaponized malware, and puts forward the argument that we should use weaponized malware. Cyber warfare is here, it occurs, malware is the weapon of choice in this domain, so let’s look at how to use it effectively.

The paper also aims to set up a different type of malware taxonomy. Instead of looking at malware based on the damage it causes, we look at it based on which one would be best selected for particular cyber warfare missions.

In addition to the paper, I presented a poster on a proposed taxonomy based on the McCumber Cube, which is one of the important conceptual models used in the cybersecurity field. The McCumber Cube provides a view that goes beyond the oft-cited triad of confidentiality, integrity, and availability; it allows us, for instance, to apply these three parameters to data at rest, data in motion, and data in processing. So we get multiple dimensions. What I’m proposing is a taxonomy for all types of attacks – malware, denial of service, or any other type of attack – based on which of the McCumber Cube dimensions they affect. I have a paper in the works on this topic.

What are some of the objections raised against use of weaponized malware, and how would you answer these objections?

The first is the general ethical issue of using cyber, in any way, as part of an offensive methodology. However, it is simply a fact that countries have cyber conflicts. That’s the reality. From my perspective, weaponizing malware isn’t different from developing any other type of weapon. Scientists work on developing missiles, guns, and other things. Why would a cyber weapon be any different? What I find odd in these ethical discussions is that the same people who voice outrage at the fact that the United States or one of our allies might attack computers in Iran don’t seem as outraged when we send in a plane and drop bombs. Now, if you’re angry at me, would it be better from my perspective for you to drop a bomb on my house or target me with a computer virus. Maybe others will disagree, but I vote for the virus!

That brings us to the second objection. Carl Sagan famously opined that no scientist should be involved in any sort of weapons research. While Sagan is a great hero of mine, I can’t agree with that. We live in a world where bad things happen and there are bad people. That means weapons are required, including cyber weapons.

One of the things I do discuss in my paper, though, is how to minimize collateral damage. I’ve already published research on how to target malware so that it looks at the machine it is on and determines whether it has found one of its targets; if not, it would self-destruct. That’s something we’re not doing that I think we should.

The Stuxnet virus offers a case in point. Experts agree that Stuxnet was designed to target Iranian nuclear refinement. In the process of reaching its target, though, it affected a whole lot of machines that had nothing to do with Iran or its nuclear program. And that’s a problem. Even if we agree that it’s okay to attack Machine X, it’s not okay to attack every machine that might connect to X.

You’re already a cybersecurity expert who has authored many books and publications. What motivated you to undertake a doctoral degree, and why did you choose Capitol?

We all have gaps in our knowledge. No matter how much expertise you may have, there are going to be areas where you can afford to strengthen your understanding. It’s not uncommon to encounter people – a colleague, say, or even a professor – who know less than you in terms of the overall field, but may have one particular piece that you don’t have. We have to be ready to put our egos to one side and be willing to close those gaps.

Another reason is more personal. As a child, being something of a geek, I always imagined I would have a doctorate by the time I was 25. Life got in the way and I’m well past 25. My wife told me I would never be happy until I achieve that milestone, and she’s probably right. Not having a doctorate hasn’t hurt my career; I’m a frequent public speaker, often at events where I’m the only speaker without a doctoral degree, and have published several books. But it’s a matter of self-fulfillment.

Capitol jumped out for a couple of reasons. Online education has exploded in recent years, but quite a few of the schools involved – especially the for-profit schools – have what I would consider to be very weak programs. In some cases, they exist mainly for one purpose -- to take your money. Capitol is not an online for-profit school; it’s a bonafide university. The undergraduate engineering programs are ABET-accredited; the school has contacts with NASA, and it’s a DHS and NSA-designated Center for Excellence in cybersecurity. It’s a strong university that happens to offer the opportunity to take courses online.

I also like the fact that Capitol is focused. There aren’t 500 different majors you can take. If you want to major in medieval European history, Capitol isn’t the school for you. Capitol does business, engineering, and technology. I like being at an institution that has this kind of focus.

Categories: doctorate, Cybersecurity

Ojo: Data Analytics Can Improve Disaster Relief

raherschbach2 — Wed, 06 Dec 2017 16:06:49 +0000

Ojo: Data Analytics Can Improve Disaster Relief raherschbach2 December 6, 2017

When Typhoon Haiyan struck Southeast Asia in 2013, an estimated 6,300 people died in the Philippines alone, and millions were displaced. Williams Ojo, a doctoral student in Capitol Technology University’s PhD program in business analytics and decision sciences, believes those numbers would have been smaller if relief efforts had not been hampered by problems with communication and information management.

“There was a gap in terms of trying to identify precisely the number of people affected and the number of nurses and doctors that needed to be deployed in specific areas,” recalls Ojo, who served as an World Health Organization (WHO) information systems management officer in the wake of the disaster. “I observed that some locations had more doctors and nurses than needed, while others did not have enough. This was because of the lack of an integrated database.”

Lessons learned from the Haiyan relief efforts were the subject of Ojo’s presentation to the Decision Sciences Institute (DSI) conference in Washington, DC, held in November. Data analytics and modelling provide tools that can enable resources to be allocated more precisely, Ojo said in his conference paper, Information Management During Disaster Response in Visayas Region of the Philippines: Typhoon Haiyan Experience.

Steps proposed by Ojo include the development of a simulation model that harnesses data from multiple sources, including satellite imagery and census information, to predict the human resources and medical supplies required for a given community.

Children, pregnant women, the disabled, and the elderly all have different sets of needs, and data-driven modelling could allow relief agencies to calibrate their assistance more precisely, he said.

“If we have baseline data regarding the population, number of health facilities, and human resources in a given area, then we can use modelling to determine the appropriate number of doctors, nurses, sanitation workers, and other personnel that need to be sent to that area during an emergency,” Ojo said.

As a presenter at the annual Decision Sciences (DSI) Institute conference, Ojo had the opportunity to share his work and exchange ideas with a global community of decision scientists, all attending one of the key professional events in the field. The DSI holds its annual conference each fall at different locations around the world.

Ojo, who began his doctoral studies at Capitol in the spring of 2017, plans further research into the use of analytics and modelling tools as he completes his PhD dissertation in business and analytics, one of three online doctorates available at the university.

Capitol’s doctoral program in cybersecurity, launched in 2010, was the first of its kind and has received successive Center of Excellence designations from the DHS and NSA. In 2014, the university established its PhD program in business analytics and decision sciences, and in 2017 Capitol unveiled a new PhD in technology. For more information about Capitol’s programs, contact gradmit@captechu.edu.

Categories: doctorate

Laura Black: Professional, parent -- and doctoral degree student

Anonymous — Wed, 03 May 2017 15:49:28 +0000

Laura Black: Professional, parent -- and doctoral degree student Anonymous (not verified) May 3, 2017

Doctoral students at Capitol Technology University typically are established in their careers and their goal is to deepen their expertise in order to advance further. Many are also raising families. Online programs such as Capitol’s eliminate the need to travel to another destination in order to achieve their academic goals, thus serving students who might otherwise be hampered by geographical constraints.

“There just aren’t very many doctorates in cyber,” says Laura Black, who is completing her DSc at Capitol. ”And the ones that exist are not near where I currently live. It wasn’t feasible for me to move someplace for three years. I have a house here in the DC area; I have a family -- I can’t just tell everyone ‘ok, let’s go!’”

“I needed to find something that was either DC-based or that I could do while remaining in the DC area.

Capitol’s DSc program, established in 2012, centers on online classes provided through an Adobe Connect-based, synchronous distance learning platform. Black says the interactivity of a real-time session adds an extra dimension to the learning experience.

“I’ve really enjoyed the classes that we have the most discussion in. I was surprised to find that the Adobe Connect infrastructure was that versatile in terms of, say, having a group dialogue,” she said. “Some of the professors really focus on getting people to talk, on fostering that discussion and banter and camaraderie, often among people with very different backgrounds. Because we have students from all over the United States, it’s been really interesting to see how people in say Texas or California look at things.”

Because the class sessions are recorded, she has the opportunity to review and reinforce important material from the lectures and discussions.

“I like the fact that I can go back and replay segments if I need to – that’s really useful. If the instructor says ‘this is what I want for homework next week,’ I can put down into my notes that he said this, say, eight minutes and twenty seconds into the session. And then later I can go back and scroll through that if I need to,” Black said.

“I still take notes, but it’s good to know that if I missed something – for example, if I had to step away for a few minutes to go put my son to bed -- I can always go back and review it.”

Pictured: Laura Black with son Robbie

Categories: Students, doctorate